PayCrow

Security checks across malware telemetry and agentic risk

Overview

PayCrow is a purpose-aligned trust-checking skill that sends queried wallet addresses to PayCrow's hosted API, with no embedded code, persistence, credentials, or direct payment authority in this artifact.

Install this as a trust-check helper, not as proof that a payment is safe. Only query wallet addresses you are comfortable sending to PayCrow, treat scores as advisory, and separately review the MCP server, wallet permissions, spending limits, and contract behavior before enabling escrow or payment tools.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill directs users to send an Ethereum address to a third-party Trust API but does not disclose that this identifier is being transmitted off-platform. Even though wallet addresses are public on-chain, sharing the queried address with an external service can reveal user intent, counterparties, or payment plans and creates an avoidable privacy leak.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal